Abstract: Solutions are provided that allow a network device to apply flow control on the MAC layer while taking into account the priority of the frame of traffic. This may be accomplished by generating a frame indicating that traffic flow should be paused, while utilizing a new opcode value, or alternatively by utilizing a new type/length value (possibly combined with a new opcode value). A receiving device may then examine the fields of the frame to determine whether it should it should use priority-based pausing, and then examine other fields to determine which priority-levels to pause and for how long. This allows for improved efficiency in flow control on the MAC layer.

Abstract: The present invention provides systems and methods for providing data transmission speeds at or in excess of 10 gigabits per second between one or more source devices and one or more destination devices. According to one embodiment, the system of the present invention comprises a first and second media access control (MAC) interfaces to facilitate receipt and transmission of packets over an associated set of physical interfaces. The system also contemplates a first and second field programmable gate arrays (FPGA) coupled to the MAC interfaces and an associated first and second memory structures, the first and second FPGAs are configured to perform initial processing of packets received from the first and second MAC interfaces and to schedule the transmission of packets to the first and second MAC interface for transmission to one or more destination devices. The first and second FPGAs are further operative to dispatch and retrieve packets to and from the first and second memory structures.

Abstract: A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.

Abstract: A method of allocating power to ports in an Ethernet switch, including: (1) determining the available capacity of a power pool used to supply the ports, (2) assigning a configuration power to each of the ports, (3) selecting a port to be enabled, (4) determining whether the available capacity of the power pool exceeds the configuration power assigned to the selected port, and, if the available capacity of the power pool exceeds the configuration power assigned to the selected port, then (4) subtracting the configuration power assigned to the selected port from the available capacity of the power pool, (5) enabling and powering the selected port and simultaneously detecting whether the selected port is connected to a powered device, and (6) adding the configuration power assigned to the selected port to the available capacity of the power pool if the port is not connected to a powered device.

Abstract: Systems and methods are described for providing network route redundancy through Layer 2 devices, such as a loop free Layer 2 network having a plurality of switching devices. A virtual switch is coupled to the loop free Layer 2 network, the virtual switch having two or more switches configured to transition between master and backup modes to provide redundant support for the loop free Layer 2 network, the switches communicating their status through use of a plurality of redundancy control packets. The system also includes means for allowing the redundancy control packets to be flooded through the Layer 2 network. The means may include time-to-live data attached to the redundancy control packet which is decremented only when the packets are transferred through devices which are configured to recognize the protocol used in redundancy control packets.

Abstract: Techniques for detecting and responding to attacks on computer and network systems including denial-of-service (DoS) attacks. A packet is classified as potentially being an attack packet if it matches an access control list (ACL) specifying one or more conditions. One or more actions may be performed responsive to packets identified as potential attack packets. These actions may include dropping packets identified as potential attack packets for a period of time, rate limiting a port over which the potential attack packets are received for a period of time, and other actions.

Abstract: Licensed connections to network resources or services, such as servers or applications, are managed, including setting, limiting, monitoring, enforcing, recording, reporting, or otherwise managing licenses across multiple network resources. Real-time information that tracks license usage is logged. Reporting features are provided to allow a system administrator, vendor, network operator, or other entity to access the log information to determine license usage and compliance. Layer 7 information is used for determining distribution of licensed connections, including an implementation where connection to mail servers is distributed according to username. License management may be performed with or without using load-balancing technology.

Abstract: A system and method that modifies the behavior of the IEEE 802.1D STP standard to thereby decouple the one data domain from the one control domain involves managing multiple spanning tree protocol (STP) instances in a virtual local area network (VLAN). The method includes the step of assigning a unique set of ports within the VLAN to each of the multiple STP instances. Then, each of the multiple STP instances are managed to keep each of the multiple STP instances separate. Finally, when a topology change is detected in one of the multiple STP instances, entries that have been learned on the unique set of ports assigned to the STP protocol instance where the topology change is detected are fast-aged or transitioned from one state to another.

Abstract: A backplane interface adapter with error control and redundant fabric for a high-performance network switch. The error control may be provided by an administrative module that includes a level monitor, a stripe synchronization error detector, a flow controller, and a control character presence tracker. The redundant fabric transceiver of the backplane interface adapter improves the adapter's ability to properly and consistently receive narrow input cells carrying packets of data and output wide striped cells to a switching fabric.

Abstract: Techniques for finding an optimized local repair path that may be used to signal a local repair connection for a protected connection. The optimized local repair path starts at a node in the path associated with the protected connection and ends at a merge point node in the path associated with the protected connection that is downstream from the start node. Various techniques may be used for finding an optimized local repair path.

Abstract: Techniques for configuring a local repair connection for a protected connection including determining a path for the local repair connection. The path traversed by a local repair connection starts at a node in the path associated with the protected connection and ends at a merge point node in the path associated with the protected connection that is downstream from the start node. In one embodiment, the merge point node may even be more than two hops downstream from the start node in the path associated with the protected connection. The local repair path may include zero or more nodes that are not included in the path associated with the protected connection. Techniques are also described for optimizing the path associated with a local repair connection.

Abstract: A backplane interface adapter with error control and redundant fabric for a high-performance network switch. The error control may be provided by an administrative module that includes a level monitor, a stripe synchronization error detector, a flow controller, and a control character presence tracker. The redundant fabric transceiver of the backplane interface adapter improves the adapter's ability to properly and consistently receive narrow input cells carrying packets of data and output wide striped cells to a switching fabric.

Abstract: Embodiments of the present invention provide techniques for efficient generation of CRC values in a network environment. Specific embodiments of the present invention enable CRC processing circuits that can generate CRC values at high data throughput rates (e.g., 100 Gbps or greater), while being capable of being implemented on currently available FPGAs. Accordingly, embodiments of the present invention may be used in network devices such as routers, switches, hubs, host network interfaces and the like to support high speed data transmission standards such as 100G Ethernet and beyond.

Abstract: Techniques that assist in processing of failure detection protocol (FDP) packets. Techniques are provided that assist a CPU of a network device in processing incoming FDP packets. In one embodiment, only a subset of FDP packets received by the network device is forwarded to the CPU for processing, the other FDP packets are dropped and not forwarded to the CPU. In this manner, the amount of processing that a CPU of the network device has to perform for incoming FDP packets is reduced. This enables the network device to support newer FDPs with shorter periodic interval requirements.

Abstract: Embodiments of the present invention provide techniques for efficient generation of CRC values in a network environment. Specific embodiments of the present invention enable CRC processing circuits that can generate CRC values at high data throughput rates (e.g., 100 Gbps or greater), while being capable of being implemented on currently available FPGAs. Accordingly, embodiments of the present invention may be used in network devices such as routers, switches, hubs, host network interfaces and the like to support high speed data transmission standards such as 100G Ethernet and beyond.

Abstract: Disclosed is a technique for facilitating software upgrade for a switching system comprising a first management processor and a second management processor and a set of one or more line processors, the techniques comprising receiving a signal to perform a software upgrade for a line processor from the set of line processors, and performing a software upgrade for the line processor without substantially affecting packet switching performed by the switching system.

Abstract: Methods of detecting and recovering from communication failures within an operating network switching device that is switching packets in a communication network, and associated structures. The communication failures addressed involve communications between the packet processors and a host CPU over a shared communications bus, e.g., PCI bus. The affected packet processor(s)—which may be all or a subset of the packet processors of the network switch—may be recovered without affecting hardware packet forwarding through the affected packet processors. This maximizes the up time of the network switching device. Other packet processor(s), if any, of the network switching device, which are not affected by the communication failure, may continue their normal packet forwarding, i.e., hardware forwarding that does not involve communications with the host CPU as well as forwarding or other operations that do involve communications with the host CPU.

Abstract: Techniques are provided for assisting in the processing of failure detection protocol (FDP) packets. Techniques are provided that assist a CPU of a network device in processing incoming FDP packets. In one embodiment, only a subset of FDP packets received by the network device is forwarded to the CPU for processing, the other FDP packets are dropped and not forwarded to the CPU. The processing is performed using dual memory structures that enable receipt of FDP packets by the network device to be decoupled from the processing of FDP packets by the CPU of the network device.

Abstract: A backplane interface adapter for a network switch. The backplane interface adapter includes at least one receiver that receives input cells carrying packets of data; at least one cell generator that generates encoded cells which include the packets of data from the input cells; and at least one transmitter that transmits the generated cells to a switching fabric. The cell includes a destination slot identifier that identifies a slot of the switching fabric towards which the respective input cell is being sent. The generated cells include in-band control information.

Abstract: Techniques are provided for processing of failure detection protocol (FDP) packets. Techniques are provided that assist a CPU of a network device in processing incoming FDP packets. The task of transmitting FDP packets from a network device is offloaded from the CPU of the network device and instead handled by another module of the network device. In this manner, the processing that the CPU of the network device has to perform for transmitting FDP packets for the various FDP sessions of the network device is reduced. This enables the network device to support newer FDPs with shorter periodic interval requirements.